Security

Hi Guys, 

I recently (last Thursday) worked on an Amigopod to Clearpass Guest migration.  We followed all of the correct steps and have everything working on the Clearpass side (and in-service), but an issue that we're running into with Self-Registration is that once you enter your name and email address, click "Continue" and get your username and password, then click "Login", the redirect to securelogin.arubanetworks.com doesn't work.  We know why this doesn't work, the role on the Aruba controller for authenticated guests has a rule disallowing access to any RFC 1918 addresses (including the controller IP).  Even though the redirect to securelogin.arubanetworks.com doesn't complete and redirect the user to www.google.com (which is the welcome page set up in the Aruba controller), the user still has authenticated guest access and can now browse the internet.

This wouldn't normally be a problem, I would tell the client that we need to open http/https to the controller IP address to get this to work and everything would be fine, but as it stands, it worked for Amigopod without this access and the client is wondering what is different now and why we need to allow this access.  I am not very versed in the Amigopod world and have much more experience with Clearpass Policy Manager/Guest so I am a bit out of my league with the question.

Any help would be much appreciated!

Thanks, Mike

---

@mikelutgen wrote:

Hi Guys, 

I recently (last Thursday) worked on an Amigopod to Clearpass Guest migration.  We followed all of the correct steps and have everything working on the Clearpass side (and in-service), but an issue that we're running into with Self-Registration is that once you enter your name and email address, click "Continue" and get your username and password, then click "Login", the redirect to securelogin.arubanetworks.com doesn't work.  We know why this doesn't work, the role on the Aruba controller for authenticated guests has a rule disallowing access to any RFC 1918 addresses (including the controller IP).  Even though the redirect to securelogin.arubanetworks.com doesn't complete and redirect the user to www.google.com (which is the welcome page set up in the Aruba controller), the user still has authenticated guest access and can now browse the internet.

This wouldn't normally be a problem, I would tell the client that we need to open http/https to the controller IP address to get this to work and everything would be fine, but as it stands, it worked for Amigopod without this access and the client is wondering what is different now and why we need to allow this access.  I am not very versed in the Amigopod world and have much more experience with Clearpass Policy Manager/Guest so I am a bit out of my league with the question.

 

Any help would be much appreciated!

Thanks, Mike

---

You should contact support, because we will all be guessing here about (1) how your network is configured (2) what ultimately is the solution to your problem.  Most of us will be wrong because we do not have enough information.

Can you please share the guest-logon role ?

I was just at the client again last week and the problem no longer exists, it must have been a client-side problem because we can't seem to recreate it again.  Thanks for the help!